From 3bda24173df9b071aafc7c3f294c17af3ea2c7d0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Kuzn=C3=ADk?= <okuznik@symas.com>
Date: Wed, 27 Mar 2019 10:27:44 +0000
Subject: [PATCH] Do not leak memory in slappasswd

---
 servers/slapd/slappasswd.c | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/servers/slapd/slappasswd.c b/servers/slapd/slappasswd.c
index 3bce474a19..4a45cedf15 100644
--- a/servers/slapd/slappasswd.c
+++ b/servers/slapd/slappasswd.c
@@ -112,7 +112,7 @@ slappasswd( int argc, char *argv[] )
 	int		i;
 	char		*newline = "\n";
 	struct berval passwd = BER_BVNULL;
-	struct berval hash;
+	struct berval hash = BER_BVNULL;
 
 #ifdef LDAP_DEBUG
 	/* tools default to "none", so that at least LDAP_DEBUG_ANY
@@ -257,7 +257,7 @@ slappasswd( int argc, char *argv[] )
 	}
 
 	lutil_passwd_hash( &passwd, scheme, &hash, &text );
-	if( hash.bv_val == NULL ) {
+	if ( BER_BVISNULL( &hash ) ) {
 		fprintf( stderr,
 			"Password generation failed for scheme %s: %s\n",
 			scheme, text ? text : "" );
@@ -279,6 +279,12 @@ destroy:;
 #ifdef SLAPD_MODULES
 	module_kill();
 #endif
+	if ( !BER_BVISNULL( &hash ) ) {
+		ber_memfree( hash.bv_val );
+	}
+	if ( passwd.bv_val != hash.bv_val && !BER_BVISNULL( &passwd ) ) {
+		ber_memfree( passwd.bv_val );
+	}
 
 	return rc;
 }